POSTED: 1:18 p.m. HST, Dec 20, 2013
LAS VEGAS >> A Las Vegas company that owns casinos in Nevada, Colorado, Iowa and Missouri fell victim to a cyberattack earlier this year, compromising the credit and debit card information of patrons at 11 sites, company officials said Friday.
Affinity Gaming officials said its system is now secure, but it recommended that customers who visited its casinos and hotels between March 14 and Oct. 16 check their card statements for suspicious activity and put a fraud alert on their accounts.
"Affinity regrets any inconvenience this incident may cause and has established a confidential, toll-free inquiry line to assist its customers," the company said in a statement Friday.
The company was notified Oct. 24 about fraudulent charges that may have been linked to an Affinity casino in Iowa. Affinity said it immediately began an investigation that determined the system used throughout the casino chain was infected by malware.
A notice was posted on the company's website Nov. 14, while Friday's notice was distributed more broadly.
It wasn't clear how many cardholders are affected, but Affinity's lawyer, Jim Prendergast, estimated it was fewer than 300,000.
Authorities were still investigating the source of the hack. Las Vegas police and officials from the FBI and Nevada Gaming Control Board weren't immediately available to comment on the situation.
Affinity Gaming owns five casinos in Nevada: Silver Sevens Hotel & Casino in Las Vegas; Rail City Casino in Sparks; and Buffalo Bill's Resort & Casino, Primm Valley Resort & Casino, and Whiskey Pete's Hotel & Casino, in Primm, near the California state line.
The company also owns Golden Mardi Gras Casino, Golden Gates Casino and Golden Gulch Casino in Black Hawk, Colo.; Lakeside Hotel & Casino in Osceola, Iowa; Mark Twain Casino & RV Park in La Grange, Mo.; and St. Jo Frontier Casino in St. Joseph, Mo.
Affinity also announced a separate breach at the large Primm Center Gas Station in Primm.
Prendergast said skimmers that can surreptitiously read debit and credit card data were placed on three gas pumps on an unknown date, and the situation was cleared by Nov. 29.
The toll-free phone number for customers to call for more information is 877-238-2179.